An IDG article in The New York Times notes that Nelson says almost all of the reported incidents "related to malware on online banking customers' PCs," which could have gotten there when customers were tricked into visiting a malicious Web site or downloading a Trojan horse program that gives hackers access to their banking passwords.

Small businesses are becoming a popular target because they often do not have the controls in place to prevent unauthorized payments from Automated Clearing House, a system that banks use to process payments between institutions.